CVE-2017-4985

{"id": "CVE-2017-4985", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-19T12:29:00.293", "references": [{"url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/99037", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/99037", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system."}, {"lang": "es", "value": "En EMC VNX2 en versiones anteriores a OE for File 8.1.9.211 y VNX1 en versiones anteriores a OE for File 7.1.80.8, un usuario local autenticado podr\u00eda escalar sus privilegios a root debido a que no se realizan comprobaciones de autorizaci\u00f3n en ciertos scripts de perl. Esto podr\u00eda ser explotado por un atacante para ejecutar comandos arbitrarios como root en el sistema VNX Control Station objetivo."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1DC2941-60A4-4232-AB6C-B5C3F5E0A034"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA171162-0FF7-43B3-A5D4-9C954E5B37D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:emc:vnx1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4EE4E75-2B7D-4826-BFD8-84739A554316"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emc:vnx1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C707E8E-AC08-4B58-9AA1-2850A8BC94F8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}